Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach.
Delta Dental is a dental insurance provider that covers 85 million people across 50 states, but this data breach notice concerns the California division of the company.
According to a Delta Dental data breach notification, the company suffered unauthorized access by threat actors through the MOVEit file transfer software application.
The software was vulnerable to a zero-day SQL injection flaw leading to remote code execution, tracked as CVE-2023-34362, which the Clop ransomware gang leveraged to breach thousands of organizations worldwide.
Delta Dental learned about the compromise on June 1, 2023, and five days later, following an internal investigation, it confirmed that unauthorized actors had accessed and stolen data from its systems between May 27 and May 30, 2023.
The second, more lengthy investigation to determine the exact impact of the security incident was completed on November 27, 2023.
Based on this, the data breach has so far impacted 6,928,932 customers of Delta Dental, who had their names, financial account numbers, and credit/debit card numbers, including security codes, exposed.
Delta Dental provides 24 months of free credit monitoring and identity theft protection services to impacted patients to mitigate the risk of their exposed data. Details on enrolling in the program are enclosed in the personal notices.
If you are a customer of Delta Dental of California, you are advised to be cautious with unsolicited communications, as your data may have been already shared with phishing actors, scammers, and other cybercriminals.
Delta Dental’s case is the third largest MOVEit data breach, only behind Maximus (11 million) and Welltok (8.5 million).